Jump to content


Malware Hunters
  • Content Count

  • Joined

  • Last visited

Community Reputation

1 Neutral


About alvarnell

  • Rank
    Macintosh Guru

Profile Information

  • Location
    Mountain View, CA, USA
  • Interests
    Honorary Member
    Macintosh computing, Mac malware analysis and prevention.

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. From other community members, usually a matter of minutes to a few hours. From staff members within 24-hours during business hours (week days). Things seem to stack up over weekends, so Mondays are always busy days. Most, but not all staff members are on the US West Coast where I am.
  2. @adas, from the Malwarebytes staff, wants to analyze it, probably to see if it's something Malwarebytes needs to detect.
  3. Since these notifications are coming from the Password settings on your iPhone, then I'm confident that those links were legit at the time of the compromise and clicking on them is a trustworthy means of accessing the site to make any password changed. I went through all of the ones listed on my iPad today and was not able to repeat your findings. A small number of sites came up blank, but none came up referencing Distil Networks. I haven't taken the time to dig in to those, but suspect the sites no longer exist today and those messages are coming from either your DNS service provider or
  4. This might help Trojan.StolenData. In general, anti-malware for Mac computers is ineffective at identifying malware in a Windows VM, so I'm both surprised that Malwarebytes for Mac found it there and Malwarebytes for Windows found nothing. Sorry, I've just read your post in the Windows forum and see that I misinterpreted what you were asking. Since Malwarebytes for Mac found nothing, I wouldn't worry about the Mac side of your computer.
  5. I'll just add that Ransomware is considered to be malware on the Mac platform, so you are protected against the few such threats that have existed to date. I don't actually know what "Exploit protection" means in a Windows environment, but in my book an exploit is malware that takes advantage of a vulnerability which is generally what all malware attempts to do. Web protection might be considered a deficiency here and that is due to some macOS restrictions that prevent it from being implemented in the Malwarebytes app itself. There are extensions for Chrome and Firefox that accomplish thi
  6. Are you certain that you received this notification from a reliable source? What was it that notified you and how did you receive it (e-mail, text, pop-up, etc.). Do you have an Imperva product installed on your Mac (they appear to be associated with Distil Networks, Inc.). I subscribe to some services (e.g. https://haveibeenpwned.com) that alert me to such things, but only something new and rarely more than one compromised password at a time. I'm concerned that this could be a phishing attempt designed to harvest changed passwords. I would need to know the url to give you
  7. Broken code was my conclusion, as well. I'm guessing that you probably accidentally approved a download at some point and Safari remembers that and allows them without asking now. To fix that open Safari Preferences->Websites and click on "Downloads" in the left hand "General" column. Now look for the "safeframe.googlesyndication.com" or perhaps just "googlesyndication.com" and click the "Remove" button.
  8. The file you posted here, when unzipped is zero bytes. And please don't post suspected malware here again. Either send it by Private Message (click on member name and then use the "Message" button) or post it to the Research Center "Newest Mac Threats" forum. I'm afraid we are unable to provide additional help without having at least some of the information requested earlier. - What browser (and version) are you using. - What extensions or add-ons do you have installed in that browser?
  9. I got a similar report on an email list I monitor. OP was browsing the Guardian web site. @Jazzbro77what website are you seeing this on?
  10. As I cited above, the Developer documentation for Safari 14 extensions say that "BlockingResponse" and "Blocking" Web Requests are not supported. Not sure why nobody from the staff has chosen to comment here, just that @treed is on a lengthy vacation out-of-state at the moment.
  11. I've been spending some time looking into what safeframe.googlesyndiation is all about. I'll start by assuring you that it has no association whatsoever with malware, rather it's a mechanism that's used by google to provide websites with safe advertising via Adsense. That being said, I can't think of any reason for you to be using that service unless you have a website hosted on your computer.
  12. If you have JavaScript turned on in your preferences, it isn't surprising that a js (javascript) file would be allowed to download to your computer. If you disallow javascript, it is quite likely that many websites would not work properly as javascript is widely used for important functions. Where did you find the f.txt.js file? Next time you get one please send it to me in a PM before deleting it. You said something about the popup looks different. Please take a screenshot of it and include it with your next reply. I still need to know more about your setup to comment further.
  13. There was a recent update to Java, so that was almost certainly legit. If you don't need it to run any third party apps, then there is no need to re-install it. There haven't been any serious issue with Java for Mac users for a long time now, but if needed you should keep it up-to-date. Malwarebytes and many other anti-malware software packages focus on disabling malware by quarantining or deleting the active processes of that malware and often ignore the passive files that may be associated with it. Viewing previews of even active files should not cause any damage as they have to be actu
  14. That all sounds normal to me, but I don't really know your setup. What macOS are you running, what browser and version are you seeing this in? Are you running a third party firewall and what browser extensions / add-ons do you have installed? Do you have browser preferences set to alert you to fraudulent web sites? Here's what Apple has to say: https://support.apple.com/HT203987
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.